<?php
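// Request handler for the "register / edit student" form rendered below.
//   GET  without ?xh  -> empty registration form
//   GET  with    ?xh  -> form pre-filled with that student's record
//   POST without ?xh  -> insert a new student, then redirect to index.php
//   POST with    ?xh  -> update that student (owner or admin only), then redirect
// The template reads $r (field values), $hasRight (form enabled?) and $msg (error text).

// Defaults so the template always sees defined values, even if the database
// connection fails before anything else runs (fail closed: form disabled).
$msg = '';
$hasRight = false;
$r = ['xh' => '', 'name' => '', 'tel' => ''];

try {
    // NOTE(review): the connection uses hard-coded credentials and the MySQL root
    // account. Load them from configuration kept outside the web root and connect
    // with an account limited to the privileges this application needs.
    $db = new PDO('mysql:host=localhost;dbname=db5', 'root', '12qwas');
    $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    session_start();

    // Only a plain string is accepted as the record key; anything else
    // (missing, or an array such as ?xh[]=1) is treated as "no key given".
    $xh = $_GET['xh'] ?? null;
    if (!is_string($xh)) {
        $xh = null;
    }

    $me = $_SESSION['user'] ?? [];
    if (!is_array($me)) {
        $me = [];
    }

    // Editing requires being the record's owner or an administrator.
    // Registration (no xh) is open to everyone.
    // NOTE(review): the strict comparison assumes the session stores xh as a
    // string, as in the original code — confirm against the login code.
    $isOwner = isset($me['xh']) && $me['xh'] === $xh;
    $hasRight = $xh ? ($isOwner || !empty($me['isAdmin'])) : true;

    // NOTE(review): this POST handler does not verify an anti-CSRF token; adding
    // one also needs a matching hidden field in the form.
    if ($_POST) {
        // Copy only the expected fields. Taking $_POST wholesale would let a
        // client smuggle extra keys (for example isAdmin) into the session below.
        $r = ['xh' => '', 'name' => '', 'tel' => '', 'pwd' => '', 'pwd2' => ''];
        foreach (array_keys($r) as $field) {
            $value = $_POST[$field] ?? '';
            if (!is_string($value)) {
                throw new Exception('提交的数据格式不正确~');
            }
            $r[$field] = $value;
        }

        // Reject unauthorised edits before doing any other work.
        if ($xh && !$hasRight) {
            throw new Exception('对不起，你没有修改的权限~');
        }

        if ($r['pwd'] !== $r['pwd2']) {
            throw new Exception('两次输入的口令不一致，请重新输入~');
        }

        $changePwd = $r['pwd'] !== '';
        if ($changePwd) {
            // A password was supplied, so it must satisfy the password policy.
            // NOTE(review): a 3-character minimum is very short; consider raising it
            // (the user-facing messages would need to change with it).
            if (preg_match('@^(?=.*?\d)(?=.*?[a-z])(?=.*?[^0-9a-z]).{3,20}$@', $r['pwd']) !== 1) {
                throw new Exception('口令需要3~20个字符，须同时包含字母、数字及其他字符');
            }
        } elseif (!$xh) {
            // Registering a new user without a password is an error.
            throw new Exception('注册用户必须提供口令~');
        }

        // NOTE(review): the password is stored exactly as submitted. It should be
        // stored with password_hash() and checked with password_verify(); that
        // change has to be made together with the login code, which is not here.
        if ($xh) {
            if ($changePwd) {
                $stmt = $db->prepare('update students set xh=?, name=?, tel=?, pwd=? where xh=?');
                $stmt->execute([$r['xh'], $r['name'], $r['tel'], $r['pwd'], $xh]);
            } else {
                // Blank password means "keep the stored one", so the pwd column is
                // left alone. Writing the session user's password here would give
                // the edited account the administrator's password.
                $stmt = $db->prepare('update students set xh=?, name=?, tel=? where xh=?');
                $stmt->execute([$r['xh'], $r['name'], $r['tel'], $xh]);
            }

            if ($isOwner) {
                // The logged-in user edited their own record: refresh only the
                // edited fields so flags such as isAdmin stay as the server set them.
                $_SESSION['user']['xh'] = $r['xh'];
                $_SESSION['user']['name'] = $r['name'];
                $_SESSION['user']['tel'] = $r['tel'];
                if ($changePwd) {
                    $_SESSION['user']['pwd'] = $r['pwd'];
                }
            }
        } else {
            // Register a new user.
            $stmt = $db->prepare('insert into students (xh,name,tel,pwd) values (?,?,?,?)');
            $stmt->execute([$r['xh'], $r['name'], $r['tel'], $r['pwd']]);
        }

        // Nothing may be echoed before this point (the former debug dump of
        // $_POST/$_GET printed the password and could block the redirect header).
        header('Location: index.php');
        return;
    } elseif ($xh) {
        // Show an existing record. Only the displayed columns are selected so the
        // stored password never reaches the template.
        $stmt = $db->prepare('select xh, name, tel from students where xh=?');
        $stmt->execute([$xh]);
        $row = $stmt->fetch();
        if ($row === false) {
            throw new Exception(message: '找不到要修改的记录~');
        }
        $r = $row;
        // NOTE(review): as in the original flow, a visitor without edit rights still
        // gets the record shown in the disabled form — confirm this read-only view
        // of name/phone is intended.
        if (!$hasRight) {
            throw new Exception(message: '对不起，你没有修改的权限~');
        }
    } else {
        // Register a new user: the form is always enabled.
        $hasRight = true;
    }
} catch (PDOException $e) {
    // Database errors can reveal schema or connection details; log them and
    // show a generic message instead.
    error_log('student form: ' . $e->getMessage());
    $msg = '系统繁忙，请稍后再试~';
} catch (Exception $e) {
    // Validation and permission errors raised above carry user-facing text.
    $msg = $e->getMessage();
} catch (Throwable $e) {
    error_log('student form: ' . $e->getMessage());
    $msg = '系统繁忙，请稍后再试~';
}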
?>
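<?php
// View prelude: every value written into the page goes through $esc so that
// record fields and error messages cannot inject markup or script.
$esc = static fn ($value): string => htmlspecialchars(
    is_scalar($value) ? (string) $value : '',
    ENT_QUOTES | ENT_SUBSTITUTE,
    'UTF-8',
);
$row = is_array($r ?? null) ? $r : [];      // field values to pre-fill
$notice = $msg ?? '';                       // error text, empty when none
$isEdit = isset($_GET['xh']);               // edit mode when ?xh is present
$off = empty($hasRight) ? ' disabled' : ''; // inputs are disabled without edit rights
$heading = $isEdit ? '修改' : '注册';
?>
<!doctype html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <title><?= $heading ?>用户信息</title>
    <style>
        h1{ color:red; }
        input{ padding:10px; margin: 5px 0; border-radius: 8px; }
        .msg{ color:red; margin:10px 0; }
    </style>
</head>
<body>
<h1><?= $heading ?>用户信息</h1>
<form method="post" >
    学号：<input type="text" name="xh" value="<?= $esc($row['xh'] ?? '') ?>"<?= $off ?>><br>
    姓名：<input type="text" name="name" value="<?= $esc($row['name'] ?? '') ?>"<?= $off ?>><br>
    电话：<input type="text" name="tel" value="<?= $esc($row['tel'] ?? '') ?>"<?= $off ?>><br>
    口令：<input type="password" name="pwd"<?= $off ?>/><b><?=
        $isEdit && !$notice ? '   留空将不会修改原来的口令' : '   3~20个字符，须同时包含字母、数字及其他字符' ?></b><br>
    再次：<input type="password" name="pwd2"<?= $off ?>/><br>
    <div class="msg"><?= $esc($notice) ?></div>
    <input type="submit" value="提交数据"<?= $off ?>>
</form>
</body>
</html>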